Impact statement for the OCPBUGS-63310 series:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

• Updates from 4.18.* to 4.19.*

Which types of clusters?

• Clusters with nodes utilizing NVME disks Samsung PM1733 configured for use at /dev/disk/by-id

What is the impact? Is it serious enough to warrant removing update recommendations?

• Storage configured to use /dev/disk/by-id may not be available after reboot due to device link changes associated with the fix for https://issues.redhat.com/browse/RHEL-91163 present in kernel-5.14.0-570.22.1.el9_6 and later

How involved is remediation?

• Dependent on use case it may be possible to reconfigure storage to use the new id to work around the change
• Dependent on use case it may be possible to SSH to affected nodes and update links to the new device path

Is this a regression?

• Yes, we do not expect disk IDs to change within a given RHEL major version as it appears to have done between 9.4 and 9.6 on certain models

Additional investigation is on going and this description will be updated as things progress.